authortb <>2023-03-06 14:32:06 +0000
committertb <>2023-03-06 14:32:06 +0000
commit6c965e26b1a93da63948edae6b68564be1ded507 (patch)
treebbe07d6e06b695cebe22802551f2db0a61354d7c /src/usr.bin/openssl/pkcs12.c
parent48e828ea26ee91710242131cd75cd9d1d20b773c (diff)
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road. Discussed with jsing
Diffstat (limited to 'src/usr.bin/openssl/pkcs12.c')
-rw-r--r--src/usr.bin/openssl/pkcs12.c204
1 files changed, 102 insertions, 102 deletions
diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c
index 6e671e9275..aedae640e3 100644
--- a/src/usr.bin/openssl/pkcs12.c
+++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs12.c,v 1.24 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: pkcs12.c,v 1.25 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -118,16 +118,16 @@ static struct {
118 char *passargin; 118 char *passargin;
119 char *passargout; 119 char *passargout;
120 int twopass; 120 int twopass;
121} pkcs12_config; 121} cfg;
122 122
123static int 123static int
124pkcs12_opt_canames(char *arg) 124pkcs12_opt_canames(char *arg)
125{ 125{
126 if (pkcs12_config.canames == NULL && 126 if (cfg.canames == NULL &&
127 (pkcs12_config.canames = sk_OPENSSL_STRING_new_null()) == NULL) 127 (cfg.canames = sk_OPENSSL_STRING_new_null()) == NULL)
128 return (1); 128 return (1);
129 129
130 if (!sk_OPENSSL_STRING_push(pkcs12_config.canames, arg)) 130 if (!sk_OPENSSL_STRING_push(cfg.canames, arg))
131 return (1); 131 return (1);
132 132
133 return (0); 133 return (0);
@@ -136,20 +136,20 @@ pkcs12_opt_canames(char *arg)
136static int 136static int
137pkcs12_opt_cert_pbe(char *arg) 137pkcs12_opt_cert_pbe(char *arg)
138{ 138{
139 return (!set_pbe(bio_err, &pkcs12_config.cert_pbe, arg)); 139 return (!set_pbe(bio_err, &cfg.cert_pbe, arg));
140} 140}
141 141
142static int 142static int
143pkcs12_opt_key_pbe(char *arg) 143pkcs12_opt_key_pbe(char *arg)
144{ 144{
145 return (!set_pbe(bio_err, &pkcs12_config.key_pbe, arg)); 145 return (!set_pbe(bio_err, &cfg.key_pbe, arg));
146} 146}
147 147
148static int 148static int
149pkcs12_opt_passarg(char *arg) 149pkcs12_opt_passarg(char *arg)
150{ 150{
151 pkcs12_config.passarg = arg; 151 cfg.passarg = arg;
152 pkcs12_config.noprompt = 1; 152 cfg.noprompt = 1;
153 return (0); 153 return (0);
154} 154}
155 155
@@ -196,8 +196,8 @@ pkcs12_opt_enc(int argc, char **argv, int *argsused)
196 return (1); 196 return (1);
197 197
198 if (strcmp(name, "nodes") == 0) 198 if (strcmp(name, "nodes") == 0)
199 pkcs12_config.enc = NULL; 199 cfg.enc = NULL;
200 else if ((pkcs12_config.enc = get_cipher_by_name(name)) == NULL) 200 else if ((cfg.enc = get_cipher_by_name(name)) == NULL)
201 return (1); 201 return (1);
202 202
203 *argsused = 1; 203 *argsused = 1;
@@ -269,7 +269,7 @@ static const struct option pkcs12_options[] = {
269 .name = "cacerts", 269 .name = "cacerts",
270 .desc = "Only output CA certificates", 270 .desc = "Only output CA certificates",
271 .type = OPTION_VALUE_OR, 271 .type = OPTION_VALUE_OR,
272 .opt.value = &pkcs12_config.options, 272 .opt.value = &cfg.options,
273 .value = CACERTS, 273 .value = CACERTS,
274 }, 274 },
275 { 275 {
@@ -277,7 +277,7 @@ static const struct option pkcs12_options[] = {
277 .argname = "file", 277 .argname = "file",
278 .desc = "PEM format file of CA certificates", 278 .desc = "PEM format file of CA certificates",
279 .type = OPTION_ARG, 279 .type = OPTION_ARG,
280 .opt.arg = &pkcs12_config.CAfile, 280 .opt.arg = &cfg.CAfile,
281 }, 281 },
282 { 282 {
283 .name = "caname", 283 .name = "caname",
@@ -291,14 +291,14 @@ static const struct option pkcs12_options[] = {
291 .argname = "directory", 291 .argname = "directory",
292 .desc = "PEM format directory of CA certificates", 292 .desc = "PEM format directory of CA certificates",
293 .type = OPTION_ARG, 293 .type = OPTION_ARG,
294 .opt.arg = &pkcs12_config.CApath, 294 .opt.arg = &cfg.CApath,
295 }, 295 },
296 { 296 {
297 .name = "certfile", 297 .name = "certfile",
298 .argname = "file", 298 .argname = "file",
299 .desc = "Add all certs in file", 299 .desc = "Add all certs in file",
300 .type = OPTION_ARG, 300 .type = OPTION_ARG,
301 .opt.arg = &pkcs12_config.certfile, 301 .opt.arg = &cfg.certfile,
302 }, 302 },
303 { 303 {
304 .name = "certpbe", 304 .name = "certpbe",
@@ -311,13 +311,13 @@ static const struct option pkcs12_options[] = {
311 .name = "chain", 311 .name = "chain",
312 .desc = "Add certificate chain", 312 .desc = "Add certificate chain",
313 .type = OPTION_FLAG, 313 .type = OPTION_FLAG,
314 .opt.flag = &pkcs12_config.chain, 314 .opt.flag = &cfg.chain,
315 }, 315 },
316 { 316 {
317 .name = "clcerts", 317 .name = "clcerts",
318 .desc = "Only output client certificates", 318 .desc = "Only output client certificates",
319 .type = OPTION_VALUE_OR, 319 .type = OPTION_VALUE_OR,
320 .opt.value = &pkcs12_config.options, 320 .opt.value = &cfg.options,
321 .value = CLCERTS, 321 .value = CLCERTS,
322 }, 322 },
323 { 323 {
@@ -325,33 +325,33 @@ static const struct option pkcs12_options[] = {
325 .argname = "name", 325 .argname = "name",
326 .desc = "Microsoft CSP name", 326 .desc = "Microsoft CSP name",
327 .type = OPTION_ARG, 327 .type = OPTION_ARG,
328 .opt.arg = &pkcs12_config.csp_name, 328 .opt.arg = &cfg.csp_name,
329 }, 329 },
330 { 330 {
331 .name = "descert", 331 .name = "descert",
332 .desc = "Encrypt PKCS#12 certificates with triple DES (default RC2-40)", 332 .desc = "Encrypt PKCS#12 certificates with triple DES (default RC2-40)",
333 .type = OPTION_VALUE, 333 .type = OPTION_VALUE,
334 .opt.value = &pkcs12_config.cert_pbe, 334 .opt.value = &cfg.cert_pbe,
335 .value = NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 335 .value = NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
336 }, 336 },
337 { 337 {
338 .name = "export", 338 .name = "export",
339 .desc = "Output PKCS#12 file", 339 .desc = "Output PKCS#12 file",
340 .type = OPTION_FLAG, 340 .type = OPTION_FLAG,
341 .opt.flag = &pkcs12_config.export_cert, 341 .opt.flag = &cfg.export_cert,
342 }, 342 },
343 { 343 {
344 .name = "in", 344 .name = "in",
345 .argname = "file", 345 .argname = "file",
346 .desc = "Input filename", 346 .desc = "Input filename",
347 .type = OPTION_ARG, 347 .type = OPTION_ARG,
348 .opt.arg = &pkcs12_config.infile, 348 .opt.arg = &cfg.infile,
349 }, 349 },
350 { 350 {
351 .name = "info", 351 .name = "info",
352 .desc = "Give info about PKCS#12 structure", 352 .desc = "Give info about PKCS#12 structure",
353 .type = OPTION_VALUE_OR, 353 .type = OPTION_VALUE_OR,
354 .opt.value = &pkcs12_config.options, 354 .opt.value = &cfg.options,
355 .value = INFO, 355 .value = INFO,
356 }, 356 },
357 { 357 {
@@ -359,13 +359,13 @@ static const struct option pkcs12_options[] = {
359 .argname = "file", 359 .argname = "file",
360 .desc = "Private key if not infile", 360 .desc = "Private key if not infile",
361 .type = OPTION_ARG, 361 .type = OPTION_ARG,
362 .opt.arg = &pkcs12_config.keyname, 362 .opt.arg = &cfg.keyname,
363 }, 363 },
364 { 364 {
365 .name = "keyex", 365 .name = "keyex",
366 .desc = "Set MS key exchange type", 366 .desc = "Set MS key exchange type",
367 .type = OPTION_VALUE, 367 .type = OPTION_VALUE,
368 .opt.value = &pkcs12_config.keytype, 368 .opt.value = &cfg.keytype,
369 .value = KEY_EX, 369 .value = KEY_EX,
370 }, 370 },
371 { 371 {
@@ -379,27 +379,27 @@ static const struct option pkcs12_options[] = {
379 .name = "keysig", 379 .name = "keysig",
380 .desc = "Set MS key signature type", 380 .desc = "Set MS key signature type",
381 .type = OPTION_VALUE, 381 .type = OPTION_VALUE,
382 .opt.value = &pkcs12_config.keytype, 382 .opt.value = &cfg.keytype,
383 .value = KEY_SIG, 383 .value = KEY_SIG,
384 }, 384 },
385 { 385 {
386 .name = "LMK", 386 .name = "LMK",
387 .desc = "Add local machine keyset attribute to private key", 387 .desc = "Add local machine keyset attribute to private key",
388 .type = OPTION_FLAG, 388 .type = OPTION_FLAG,
389 .opt.flag = &pkcs12_config.add_lmk, 389 .opt.flag = &cfg.add_lmk,
390 }, 390 },
391 { 391 {
392 .name = "macalg", 392 .name = "macalg",
393 .argname = "alg", 393 .argname = "alg",
394 .desc = "Digest algorithm used in MAC (default SHA1)", 394 .desc = "Digest algorithm used in MAC (default SHA1)",
395 .type = OPTION_ARG, 395 .type = OPTION_ARG,
396 .opt.arg = &pkcs12_config.macalg, 396 .opt.arg = &cfg.macalg,
397 }, 397 },
398 { 398 {
399 .name = "maciter", 399 .name = "maciter",
400 .desc = "Use MAC iteration", 400 .desc = "Use MAC iteration",
401 .type = OPTION_VALUE, 401 .type = OPTION_VALUE,
402 .opt.value = &pkcs12_config.maciter, 402 .opt.value = &cfg.maciter,
403 .value = PKCS12_DEFAULT_ITER, 403 .value = PKCS12_DEFAULT_ITER,
404 }, 404 },
405 { 405 {
@@ -407,13 +407,13 @@ static const struct option pkcs12_options[] = {
407 .argname = "name", 407 .argname = "name",
408 .desc = "Use name as friendly name", 408 .desc = "Use name as friendly name",
409 .type = OPTION_ARG, 409 .type = OPTION_ARG,
410 .opt.arg = &pkcs12_config.name, 410 .opt.arg = &cfg.name,
411 }, 411 },
412 { 412 {
413 .name = "nocerts", 413 .name = "nocerts",
414 .desc = "Don't output certificates", 414 .desc = "Don't output certificates",
415 .type = OPTION_VALUE_OR, 415 .type = OPTION_VALUE_OR,
416 .opt.value = &pkcs12_config.options, 416 .opt.value = &cfg.options,
417 .value = NOCERTS, 417 .value = NOCERTS,
418 }, 418 },
419 { 419 {
@@ -426,42 +426,42 @@ static const struct option pkcs12_options[] = {
426 .name = "noiter", 426 .name = "noiter",
427 .desc = "Don't use encryption iteration", 427 .desc = "Don't use encryption iteration",
428 .type = OPTION_VALUE, 428 .type = OPTION_VALUE,
429 .opt.value = &pkcs12_config.iter, 429 .opt.value = &cfg.iter,
430 .value = 1, 430 .value = 1,
431 }, 431 },
432 { 432 {
433 .name = "nokeys", 433 .name = "nokeys",
434 .desc = "Don't output private keys", 434 .desc = "Don't output private keys",
435 .type = OPTION_VALUE_OR, 435 .type = OPTION_VALUE_OR,
436 .opt.value = &pkcs12_config.options, 436 .opt.value = &cfg.options,
437 .value = NOKEYS, 437 .value = NOKEYS,
438 }, 438 },
439 { 439 {
440 .name = "nomac", 440 .name = "nomac",
441 .desc = "Don't generate MAC", 441 .desc = "Don't generate MAC",
442 .type = OPTION_VALUE, 442 .type = OPTION_VALUE,
443 .opt.value = &pkcs12_config.maciter, 443 .opt.value = &cfg.maciter,
444 .value = -1, 444 .value = -1,
445 }, 445 },
446 { 446 {
447 .name = "nomaciter", 447 .name = "nomaciter",
448 .desc = "Don't use MAC iteration", 448 .desc = "Don't use MAC iteration",
449 .type = OPTION_VALUE, 449 .type = OPTION_VALUE,
450 .opt.value = &pkcs12_config.maciter, 450 .opt.value = &cfg.maciter,
451 .value = 1, 451 .value = 1,
452 }, 452 },
453 { 453 {
454 .name = "nomacver", 454 .name = "nomacver",
455 .desc = "Don't verify MAC", 455 .desc = "Don't verify MAC",
456 .type = OPTION_VALUE, 456 .type = OPTION_VALUE,
457 .opt.value = &pkcs12_config.macver, 457 .opt.value = &cfg.macver,
458 .value = 0, 458 .value = 0,
459 }, 459 },
460 { 460 {
461 .name = "noout", 461 .name = "noout",
462 .desc = "Don't output anything, just verify", 462 .desc = "Don't output anything, just verify",
463 .type = OPTION_VALUE_OR, 463 .type = OPTION_VALUE_OR,
464 .opt.value = &pkcs12_config.options, 464 .opt.value = &cfg.options,
465 .value = (NOKEYS | NOCERTS), 465 .value = (NOKEYS | NOCERTS),
466 }, 466 },
467 { 467 {
@@ -469,21 +469,21 @@ static const struct option pkcs12_options[] = {
469 .argname = "file", 469 .argname = "file",
470 .desc = "Output filename", 470 .desc = "Output filename",
471 .type = OPTION_ARG, 471 .type = OPTION_ARG,
472 .opt.arg = &pkcs12_config.outfile, 472 .opt.arg = &cfg.outfile,
473 }, 473 },
474 { 474 {
475 .name = "passin", 475 .name = "passin",
476 .argname = "arg", 476 .argname = "arg",
477 .desc = "Input file passphrase source", 477 .desc = "Input file passphrase source",
478 .type = OPTION_ARG, 478 .type = OPTION_ARG,
479 .opt.arg = &pkcs12_config.passargin, 479 .opt.arg = &cfg.passargin,
480 }, 480 },
481 { 481 {
482 .name = "passout", 482 .name = "passout",
483 .argname = "arg", 483 .argname = "arg",
484 .desc = "Output file passphrase source", 484 .desc = "Output file passphrase source",
485 .type = OPTION_ARG, 485 .type = OPTION_ARG,
486 .opt.arg = &pkcs12_config.passargout, 486 .opt.arg = &cfg.passargout,
487 }, 487 },
488 { 488 {
489 .name = "password", 489 .name = "password",
@@ -496,7 +496,7 @@ static const struct option pkcs12_options[] = {
496 .name = "twopass", 496 .name = "twopass",
497 .desc = "Separate MAC, encryption passwords", 497 .desc = "Separate MAC, encryption passwords",
498 .type = OPTION_FLAG, 498 .type = OPTION_FLAG,
499 .opt.flag = &pkcs12_config.twopass, 499 .opt.flag = &cfg.twopass,
500 }, 500 },
501 { NULL }, 501 { NULL },
502}; 502};
@@ -541,73 +541,73 @@ pkcs12_main(int argc, char **argv)
541 exit(1); 541 exit(1);
542 } 542 }
543 543
544 memset(&pkcs12_config, 0, sizeof(pkcs12_config)); 544 memset(&cfg, 0, sizeof(cfg));
545 pkcs12_config.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; 545 cfg.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
546 pkcs12_config.enc = EVP_des_ede3_cbc(); 546 cfg.enc = EVP_des_ede3_cbc();
547 pkcs12_config.iter = PKCS12_DEFAULT_ITER; 547 cfg.iter = PKCS12_DEFAULT_ITER;
548 pkcs12_config.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; 548 cfg.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
549 pkcs12_config.maciter = PKCS12_DEFAULT_ITER; 549 cfg.maciter = PKCS12_DEFAULT_ITER;
550 pkcs12_config.macver = 1; 550 cfg.macver = 1;
551 551
552 if (options_parse(argc, argv, pkcs12_options, NULL, NULL) != 0) { 552 if (options_parse(argc, argv, pkcs12_options, NULL, NULL) != 0) {
553 pkcs12_usage(); 553 pkcs12_usage();
554 goto end; 554 goto end;
555 } 555 }
556 556
557 if (pkcs12_config.passarg != NULL) { 557 if (cfg.passarg != NULL) {
558 if (pkcs12_config.export_cert) 558 if (cfg.export_cert)
559 pkcs12_config.passargout = pkcs12_config.passarg; 559 cfg.passargout = cfg.passarg;
560 else 560 else
561 pkcs12_config.passargin = pkcs12_config.passarg; 561 cfg.passargin = cfg.passarg;
562 } 562 }
563 if (!app_passwd(bio_err, pkcs12_config.passargin, 563 if (!app_passwd(bio_err, cfg.passargin,
564 pkcs12_config.passargout, &passin, &passout)) { 564 cfg.passargout, &passin, &passout)) {
565 BIO_printf(bio_err, "Error getting passwords\n"); 565 BIO_printf(bio_err, "Error getting passwords\n");
566 goto end; 566 goto end;
567 } 567 }
568 if (cpass == NULL) { 568 if (cpass == NULL) {
569 if (pkcs12_config.export_cert) 569 if (cfg.export_cert)
570 cpass = passout; 570 cpass = passout;
571 else 571 else
572 cpass = passin; 572 cpass = passin;
573 } 573 }
574 if (cpass != NULL) { 574 if (cpass != NULL) {
575 mpass = cpass; 575 mpass = cpass;
576 pkcs12_config.noprompt = 1; 576 cfg.noprompt = 1;
577 } else { 577 } else {
578 cpass = pass; 578 cpass = pass;
579 mpass = macpass; 579 mpass = macpass;
580 } 580 }
581 581
582 if (pkcs12_config.infile == NULL) 582 if (cfg.infile == NULL)
583 in = BIO_new_fp(stdin, BIO_NOCLOSE); 583 in = BIO_new_fp(stdin, BIO_NOCLOSE);
584 else 584 else
585 in = BIO_new_file(pkcs12_config.infile, "rb"); 585 in = BIO_new_file(cfg.infile, "rb");
586 if (in == NULL) { 586 if (in == NULL) {
587 BIO_printf(bio_err, "Error opening input file %s\n", 587 BIO_printf(bio_err, "Error opening input file %s\n",
588 pkcs12_config.infile ? pkcs12_config.infile : "<stdin>"); 588 cfg.infile ? cfg.infile : "<stdin>");
589 perror(pkcs12_config.infile); 589 perror(cfg.infile);
590 goto end; 590 goto end;
591 } 591 }
592 592
593 if (pkcs12_config.outfile == NULL) { 593 if (cfg.outfile == NULL) {
594 out = BIO_new_fp(stdout, BIO_NOCLOSE); 594 out = BIO_new_fp(stdout, BIO_NOCLOSE);
595 } else 595 } else
596 out = BIO_new_file(pkcs12_config.outfile, "wb"); 596 out = BIO_new_file(cfg.outfile, "wb");
597 if (out == NULL) { 597 if (out == NULL) {
598 BIO_printf(bio_err, "Error opening output file %s\n", 598 BIO_printf(bio_err, "Error opening output file %s\n",
599 pkcs12_config.outfile ? pkcs12_config.outfile : "<stdout>"); 599 cfg.outfile ? cfg.outfile : "<stdout>");
600 perror(pkcs12_config.outfile); 600 perror(cfg.outfile);
601 goto end; 601 goto end;
602 } 602 }
603 if (pkcs12_config.twopass) { 603 if (cfg.twopass) {
604 if (EVP_read_pw_string(macpass, sizeof macpass, 604 if (EVP_read_pw_string(macpass, sizeof macpass,
605 "Enter MAC Password:", pkcs12_config.export_cert)) { 605 "Enter MAC Password:", cfg.export_cert)) {
606 BIO_printf(bio_err, "Can't read Password\n"); 606 BIO_printf(bio_err, "Can't read Password\n");
607 goto end; 607 goto end;
608 } 608 }
609 } 609 }
610 if (pkcs12_config.export_cert) { 610 if (cfg.export_cert) {
611 EVP_PKEY *key = NULL; 611 EVP_PKEY *key = NULL;
612 X509 *ucert = NULL, *x = NULL; 612 X509 *ucert = NULL, *x = NULL;
613 STACK_OF(X509) *certs = NULL; 613 STACK_OF(X509) *certs = NULL;
@@ -615,25 +615,25 @@ pkcs12_main(int argc, char **argv)
615 unsigned char *catmp = NULL; 615 unsigned char *catmp = NULL;
616 int i; 616 int i;
617 617
618 if ((pkcs12_config.options & (NOCERTS | NOKEYS)) == 618 if ((cfg.options & (NOCERTS | NOKEYS)) ==
619 (NOCERTS | NOKEYS)) { 619 (NOCERTS | NOKEYS)) {
620 BIO_printf(bio_err, "Nothing to do!\n"); 620 BIO_printf(bio_err, "Nothing to do!\n");
621 goto export_end; 621 goto export_end;
622 } 622 }
623 if (pkcs12_config.options & NOCERTS) 623 if (cfg.options & NOCERTS)
624 pkcs12_config.chain = 0; 624 cfg.chain = 0;
625 625
626 if (!(pkcs12_config.options & NOKEYS)) { 626 if (!(cfg.options & NOKEYS)) {
627 key = load_key(bio_err, pkcs12_config.keyname ? 627 key = load_key(bio_err, cfg.keyname ?
628 pkcs12_config.keyname : pkcs12_config.infile, 628 cfg.keyname : cfg.infile,
629 FORMAT_PEM, 1, passin, "private key"); 629 FORMAT_PEM, 1, passin, "private key");
630 if (!key) 630 if (!key)
631 goto export_end; 631 goto export_end;
632 } 632 }
633 633
634 /* Load in all certs in input file */ 634 /* Load in all certs in input file */
635 if (!(pkcs12_config.options & NOCERTS)) { 635 if (!(cfg.options & NOCERTS)) {
636 certs = load_certs(bio_err, pkcs12_config.infile, 636 certs = load_certs(bio_err, cfg.infile,
637 FORMAT_PEM, NULL, "certificates"); 637 FORMAT_PEM, NULL, "certificates");
638 if (certs == NULL) 638 if (certs == NULL)
639 goto export_end; 639 goto export_end;
@@ -661,10 +661,10 @@ pkcs12_main(int argc, char **argv)
661 } 661 }
662 662
663 /* Add any more certificates asked for */ 663 /* Add any more certificates asked for */
664 if (pkcs12_config.certfile != NULL) { 664 if (cfg.certfile != NULL) {
665 STACK_OF(X509) *morecerts = NULL; 665 STACK_OF(X509) *morecerts = NULL;
666 if ((morecerts = load_certs(bio_err, 666 if ((morecerts = load_certs(bio_err,
667 pkcs12_config.certfile, FORMAT_PEM, NULL, 667 cfg.certfile, FORMAT_PEM, NULL,
668 "certificates from certfile")) == NULL) 668 "certificates from certfile")) == NULL)
669 goto export_end; 669 goto export_end;
670 while (sk_X509_num(morecerts) > 0) 670 while (sk_X509_num(morecerts) > 0)
@@ -674,7 +674,7 @@ pkcs12_main(int argc, char **argv)
674 674
675 675
676 /* If chaining get chain from user cert */ 676 /* If chaining get chain from user cert */
677 if (pkcs12_config.chain) { 677 if (cfg.chain) {
678 int vret; 678 int vret;
679 STACK_OF(X509) *chain2; 679 STACK_OF(X509) *chain2;
680 X509_STORE *store = X509_STORE_new(); 680 X509_STORE *store = X509_STORE_new();
@@ -684,7 +684,7 @@ pkcs12_main(int argc, char **argv)
684 goto export_end; 684 goto export_end;
685 } 685 }
686 if (!X509_STORE_load_locations(store, 686 if (!X509_STORE_load_locations(store,
687 pkcs12_config.CAfile, pkcs12_config.CApath)) 687 cfg.CAfile, cfg.CApath))
688 X509_STORE_set_default_paths(store); 688 X509_STORE_set_default_paths(store);
689 689
690 vret = get_cert_chain(ucert, store, &chain2); 690 vret = get_cert_chain(ucert, store, &chain2);
@@ -711,51 +711,51 @@ pkcs12_main(int argc, char **argv)
711 } 711 }
712 /* Add any CA names */ 712 /* Add any CA names */
713 713
714 for (i = 0; i < sk_OPENSSL_STRING_num(pkcs12_config.canames); 714 for (i = 0; i < sk_OPENSSL_STRING_num(cfg.canames);
715 i++) { 715 i++) {
716 catmp = (unsigned char *) sk_OPENSSL_STRING_value( 716 catmp = (unsigned char *) sk_OPENSSL_STRING_value(
717 pkcs12_config.canames, i); 717 cfg.canames, i);
718 X509_alias_set1(sk_X509_value(certs, i), catmp, -1); 718 X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
719 } 719 }
720 720
721 if (pkcs12_config.csp_name != NULL && key != NULL) 721 if (cfg.csp_name != NULL && key != NULL)
722 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, 722 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
723 MBSTRING_ASC, 723 MBSTRING_ASC,
724 (unsigned char *) pkcs12_config.csp_name, -1); 724 (unsigned char *) cfg.csp_name, -1);
725 725
726 if (pkcs12_config.add_lmk && key != NULL) 726 if (cfg.add_lmk && key != NULL)
727 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, 727 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL,
728 -1); 728 -1);
729 729
730 if (!pkcs12_config.noprompt && 730 if (!cfg.noprompt &&
731 EVP_read_pw_string(pass, sizeof pass, 731 EVP_read_pw_string(pass, sizeof pass,
732 "Enter Export Password:", 1)) { 732 "Enter Export Password:", 1)) {
733 BIO_printf(bio_err, "Can't read Password\n"); 733 BIO_printf(bio_err, "Can't read Password\n");
734 goto export_end; 734 goto export_end;
735 } 735 }
736 if (!pkcs12_config.twopass) 736 if (!cfg.twopass)
737 strlcpy(macpass, pass, sizeof macpass); 737 strlcpy(macpass, pass, sizeof macpass);
738 738
739 739
740 p12 = PKCS12_create(cpass, pkcs12_config.name, key, ucert, 740 p12 = PKCS12_create(cpass, cfg.name, key, ucert,
741 certs, pkcs12_config.key_pbe, pkcs12_config.cert_pbe, 741 certs, cfg.key_pbe, cfg.cert_pbe,
742 pkcs12_config.iter, -1, pkcs12_config.keytype); 742 cfg.iter, -1, cfg.keytype);
743 743
744 if (p12 == NULL) { 744 if (p12 == NULL) {
745 ERR_print_errors(bio_err); 745 ERR_print_errors(bio_err);
746 goto export_end; 746 goto export_end;
747 } 747 }
748 if (pkcs12_config.macalg != NULL) { 748 if (cfg.macalg != NULL) {
749 macmd = EVP_get_digestbyname(pkcs12_config.macalg); 749 macmd = EVP_get_digestbyname(cfg.macalg);
750 if (macmd == NULL) { 750 if (macmd == NULL) {
751 BIO_printf(bio_err, 751 BIO_printf(bio_err,
752 "Unknown digest algorithm %s\n", 752 "Unknown digest algorithm %s\n",
753 pkcs12_config.macalg); 753 cfg.macalg);
754 } 754 }
755 } 755 }
756 if (pkcs12_config.maciter != -1) 756 if (cfg.maciter != -1)
757 PKCS12_set_mac(p12, mpass, -1, NULL, 0, 757 PKCS12_set_mac(p12, mpass, -1, NULL, 0,
758 pkcs12_config.maciter, macmd); 758 cfg.maciter, macmd);
759 759
760 i2d_PKCS12_bio(out, p12); 760 i2d_PKCS12_bio(out, p12);
761 761
@@ -773,27 +773,27 @@ pkcs12_main(int argc, char **argv)
773 ERR_print_errors(bio_err); 773 ERR_print_errors(bio_err);
774 goto end; 774 goto end;
775 } 775 }
776 if (!pkcs12_config.noprompt && EVP_read_pw_string(pass, sizeof pass, 776 if (!cfg.noprompt && EVP_read_pw_string(pass, sizeof pass,
777 "Enter Import Password:", 0)) { 777 "Enter Import Password:", 0)) {
778 BIO_printf(bio_err, "Can't read Password\n"); 778 BIO_printf(bio_err, "Can't read Password\n");
779 goto end; 779 goto end;
780 } 780 }
781 781
782 if (!pkcs12_config.twopass) 782 if (!cfg.twopass)
783 strlcpy(macpass, pass, sizeof macpass); 783 strlcpy(macpass, pass, sizeof macpass);
784 784
785 if ((pkcs12_config.options & INFO) != 0 && PKCS12_mac_present(p12)) { 785 if ((cfg.options & INFO) != 0 && PKCS12_mac_present(p12)) {
786 const ASN1_INTEGER *iter; 786 const ASN1_INTEGER *iter;
787 787
788 PKCS12_get0_mac(NULL, NULL, NULL, &iter, p12); 788 PKCS12_get0_mac(NULL, NULL, NULL, &iter, p12);
789 BIO_printf(bio_err, "MAC Iteration %ld\n", 789 BIO_printf(bio_err, "MAC Iteration %ld\n",
790 iter != NULL ? ASN1_INTEGER_get(iter) : 1); 790 iter != NULL ? ASN1_INTEGER_get(iter) : 1);
791 } 791 }
792 if (pkcs12_config.macver) { 792 if (cfg.macver) {
793 /* If we enter empty password try no password first */ 793 /* If we enter empty password try no password first */
794 if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { 794 if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
795 /* If mac and crypto pass the same set it to NULL too */ 795 /* If mac and crypto pass the same set it to NULL too */
796 if (!pkcs12_config.twopass) 796 if (!cfg.twopass)
797 cpass = NULL; 797 cpass = NULL;
798 } else if (!PKCS12_verify_mac(p12, mpass, -1)) { 798 } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
799 BIO_printf(bio_err, 799 BIO_printf(bio_err,
@@ -803,7 +803,7 @@ pkcs12_main(int argc, char **argv)
803 } 803 }
804 BIO_printf(bio_err, "MAC verified OK\n"); 804 BIO_printf(bio_err, "MAC verified OK\n");
805 } 805 }
806 if (!dump_certs_keys_p12(out, p12, cpass, -1, pkcs12_config.options, 806 if (!dump_certs_keys_p12(out, p12, cpass, -1, cfg.options,
807 passout)) { 807 passout)) {
808 BIO_printf(bio_err, "Error outputting keys and certificates\n"); 808 BIO_printf(bio_err, "Error outputting keys and certificates\n");
809 ERR_print_errors(bio_err); 809 ERR_print_errors(bio_err);
@@ -814,7 +814,7 @@ pkcs12_main(int argc, char **argv)
814 PKCS12_free(p12); 814 PKCS12_free(p12);
815 BIO_free(in); 815 BIO_free(in);
816 BIO_free_all(out); 816 BIO_free_all(out);
817 sk_OPENSSL_STRING_free(pkcs12_config.canames); 817 sk_OPENSSL_STRING_free(cfg.canames);
818 free(passin); 818 free(passin);
819 free(passout); 819 free(passout);
820 820
@@ -907,7 +907,7 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen,
907 if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) 907 if ((pkey = EVP_PKCS82PKEY(p8)) == NULL)
908 return 0; 908 return 0;
909 print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); 909 print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
910 PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, 910 PEM_write_bio_PrivateKey(out, pkey, cfg.enc, NULL, 0,
911 NULL, pempass); 911 NULL, pempass);
912 EVP_PKEY_free(pkey); 912 EVP_PKEY_free(pkey);
913 break; 913 break;
@@ -938,7 +938,7 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen,
938 } 938 }
939 print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); 939 print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
940 PKCS8_PRIV_KEY_INFO_free(p8); 940 PKCS8_PRIV_KEY_INFO_free(p8);
941 PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, 941 PEM_write_bio_PrivateKey(out, pkey, cfg.enc, NULL, 0,
942 NULL, pempass); 942 NULL, pempass);
943 EVP_PKEY_free(pkey); 943 EVP_PKEY_free(pkey);
944 break; 944 break;
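Review bot: In the `@@ -711,51 +711,51 @@` hunk of pkcs12_main, the `cfg.macalg` branch (new lines 748-755) only prints "Unknown digest algorithm" when `EVP_get_digestbyname()` returns NULL and then falls through, so `PKCS12_set_mac()` is still called with `macmd == NULL` and the file is written with what is presumably the library's default MAC digest rather than the one the user asked for. A mistyped `-macalg` should fail the export instead: add `goto export_end;` after that `BIO_printf` call. The return values of `PKCS12_set_mac()` and `i2d_PKCS12_bio()` a few lines further down are also ignored, so a MAC or write failure is not reported on these lines. pkcs12_main begins and ends outside the hunks shown, so whether a later check catches either case cannot be seen here.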